有没有办法通过用户的 UID 从 FirebaseAuth 中删除用户? [英] Is there a way to delete a user from FirebaseAuth by their UID?

问题描述

我想知道是否有办法通过用户的 UID 从 FirebaseAuth 中删除用户.根据我在网上的研究，您似乎只能删除当前登录的用户.

I was wondering if there was a way to delete a user from FirebaseAuth by their UID. Upon my research online, it seems like you can only delete the current logged in user.

请告知是否有这种可能性.

Please advise if this is a possibility.

推荐答案

登录的用户只能删除自己的帐户.任何用户都没有能力或权限从您的客户端 Web 或移动应用程序中删除另一个帐户，无论是什么平台.这实际上是一个巨大的安全漏洞.

A user signed in can only delete their own account. No user has ability or permission to delete another account from your client web or mobile app, not matter what platform. That would actually be a huge security hole.

您可以做的是使用 Firebase Admin SDK 从您控制的后端删除用户，它能够管理用户.特权后端代码可以通过 UID 删除任何用户.如果您打算让您的最终用户在您的后端调用某个删除另一个用户的函数，您应该在您的后端代码中验证该用户应该拥有此权限.

What you can do instead is delete the user from a backend you control using the Firebase Admin SDK, which has the ability to manage users. Privileged backend code can delete any user by UID. If you intend for your end users to invoke some function on your backend that deletes another user, you should verify in your backend code that the user should have this privilege.

这篇关于有没有办法通过用户的 UID 从 FirebaseAuth 中删除用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！